Once the furore over the recent leaked batch of nude photos of actresses had calmed and Perez Hilton had rediscovered his moral compass, thoughts turned towards the possible source of the disclosure. This saw a round-up of the usual suspects: ex-husbands and lovers indulging in revenge porn; disgruntled ex-employees abusing access rights to hit back over perceived mistreatment; thieves who’d gained access via a stolen phone or tablet; and hackers.
It appears that the event was down to a small group of hackers who had accumulated the images over the course of a number of years. Undoubtedly male (and emotionally retarded), the group had found the images through some relatively basic hacking - using an email address to log in and hitting the “forgotten password” link to spoof security checks. As a technique, it is not that different from how tabloid newspapers got into celebrities’ phone messages and has led to a similar level of embarrassment all round.
What was surprising during discussion of the leak was who nobody thought to blame - a man working for iCloud (or one of its many data centres). The concept of an insider using systems access privileges to skim off some celebrity skin does not seem to have occurred to most technology vendors and journalists who offered comment.
Either that, or there is a conspiracy of silence around the possibility that the greatest security risks are posed by employees of such services. Accept that possibility and the booming digital storage industry risks falling down like a pack of cards.
Yet this is not only one of the most potent threats to security, it is also one of the fastest-growing. As Edward Snowden demonstrated by stealing a massive cache of what were theoretically the most secure documents in the world, the people who run these systems have the biggest potential to abuse them.
If Apple has proved to its own satisfaction that external hackers were behind the leak, it can blame them and offer some of the usual platitudes to customers about changing their passwords. You can bet it will not be reviewing internal controls and considering what it would have needed to do in the event of an insider attack. Such changes are too expensive and would make the business less agile, thereby slowing growth.
But one thing is certain - in the next three years there will be a massive download of personal data (including pictures) from a cloud storage service by somebody working within the organisation. At this point, customer trust will be severely tested (although my other forecast is that fearful consumers will simply switch to a different, unbreached provider rather than rethinking their online sharing behaviour).
Companies regularly claim that customer trust is at the heart of what they do - few really mean it. If they did, costs would be higher, security checks more stringent - and competitive advantage handed over to less scrupulous rivals. Instead, this generation of cloud companies are happy to place bets with their customers’ privacy.
DataIQ is a trading name of IQ Data Group Limited
Copyright © IQ Data Group Limited 2024